Admin equiv creates root owned files
Tim Winders
twinders at SPC.cc.tx.us
Fri May 29 15:00:38 GMT 1998
On Sat, 30 May 1998, Andrew Tridgell wrote:
> > I just noticed this and am questioning the security implications. I have
> > the following in smb.conf
> >
> > admin users = twinders
> > domain admin users = twinders
> >
> > When I login to Win95/WinNT with the twinders username and correct
> > password, any files created on the Samba server are owned root and group
> > system. This is under Digital Unix 4.0D and CVS HEAD from 5/24. Can
> > anyone explain why these files should be root owned instead of user owned?
>
> this is explained in the smb.conf man page.
>
> It is tempting to remove this option completely as so many people seem
> to just assume it works like the NT equivalent does. It really isn't a
> very useful option. Jeremy, what do you think? remove it?
>
> -----
> .SS admin users (S)
>
> This is a list of users who will be granted administrative privileges
> on the share. This means that they will do all file operations as the
> super-user (root).
>
> You should use this option very carefully, as any user in this list
> will be able to do anything they like on the share, irrespective of
> file permissions.
I read this, but disagree with how it should work. Is the ONLY thing it
does is FILE permissions? Are there other "domain" things that might pop
up in the future?
=== Tim
---------------------------------------------------------------------
| Tim Winders, CNE, MCSE | Email: TWinders at SPC.cc.tx.us |
| Network Administrator | Phone: 806-894-9611 x 2369 |
| South Plains College | Fax: 806-897-4711 |
---------------------------------------------------------------------
More information about the samba-ntdom
mailing list